CVE-2025-2907 – WordPress Order Delivery Date Plugin Authentication Bypass and CSRF Vulnerability

April 26, 2025

CVE ID : CVE-2025-2907

Published : April 26, 2025, 6:15 a.m. | 1 hour, 13 minutes ago

Description : The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settings. Furthermore it also lacks proper checks to only update options relevant to the Order Delivery Date WordPress plugin before 12.3.1. This leads to attackers being able to modify the default_user_role to administrator and users_can_register, allowing them to register as an administrator of the site for complete site takeover.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3906 – Eduzz WooCommerce Unauthorized Data Modification Vulnerability

Next Article CVE-2025-3914 – Airtable Aeropage Sync for WordPress Unauthenticated Arbitrary File Upload Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Windows Recall finally launches, Oblivion Remastered surprise drops, and Drug Dealer Simulator devs speak out

This tiny Bluetooth speaker delivers loud, distortion-free sound – and it’s on sale

Are you playing The Elder Scrolls 4: Oblivion Remastered, and if so, what do you think? — Weekend discussion 💬

I’ve been trying to figure out why these AR glasses cost $700, but I’m frankly stumped

Perficient Included in IDC Market Glance: Healthcare Provider Operational IT Solutions, 1Q25

Perficient Included in IDC Market Glance: Healthcare Provider Operational IT Solutions, 1Q25

Natural Language Q&A in Optimizely CMS Using Azure OpenAI and AI Search

Closing Deals Faster: The Future of Sales with AI & Personalization

Windows Recall finally launches, Oblivion Remastered surprise drops, and Drug Dealer Simulator devs speak out

Windows Recall finally launches, Oblivion Remastered surprise drops, and Drug Dealer Simulator devs speak out

Windows 11 24H2 colourful battery icons for taskbar are still coming, but no ETA, says Microsoft

Git Interactive Rebase Tool – terminal-based sequence editor for interactive rebase

CVE-2025-2907 – WordPress Order Delivery Date Plugin Authentication Bypass and CSRF Vulnerability

April 2025 Patch Tuesday: One Zero-Day and 11 Critical Vulnerabilities Among 121 CVEs

CVE-2025-43859: Request Smuggling Vulnerability in Python’s h11 HTTP Library

Exploring Empty Spaces: Human-in-the-Loop Data Augmentation

My health information has been stolen. Now what?

Benchmark Amazon RDS for PostgreSQL with Dedicated Log Volumes

Atomfall: Finding all of the Interchange entrance locations

New Pixel 9a update limits its battery to extend its life – how it works

The Significance of Application Performance Monitoring for Businesses

Google Quick Share upgrade makes it easier to share files

Building automations to accelerate remediation of AWS Security Hub control findings using Amazon Bedrock and AWS Systems Manager

CVE-2025-2907 – WordPress Order Delivery Date Plugin Authentication Bypass and CSRF Vulnerability

Related Posts